Re: BT Hub6 - Wireless connection repeatedly dropped

As somebody who works in the security industry my view is that, if an attacker is able to compromise the WPA2 encryption and / or WPS using tools such as reaver then they will almost certainly compromise MAC address filtering in a few seconds. MAC filtering should not be regarded as adding any level of security to the WiFi and you would be fooling yourself to consider it a security enhancement of any kind unless you are trying to keep out somebody with a low level of IT Skill who almost certainly would not be able to compromise WPA2/WPS in the first instance.

In my view BT do right not to include it on a mass market home router, less to go wrong. Someone somewhere will enable it by mistake, & others will enable it and have a false sense of security, perhaps some will even disable WPA2 entirely and only setup MAC filtering believing it adequately protects them.

Re: BT Hub6 - Wireless connection repeatedly dropped

I used to be involved in designing encryption based systems, but retired some years ago.

Things have obviously moved on quite a lot since then. I looked at Reaver on the LifeHacker Web site and found the following:

"In a phone conversation, Craig Heffner said that the inability to shut this vulnerability down is widespread. He and others have found it to occur with every Linksys and Cisco Valet wireless access point they've tested. "On all of the Linksys routers, you cannot manually disable WPS," he said. While the Web interface has a radio button that allegedly turns off WPS configuration, "it's still on and still vulnerable.

So that's kind of a bummer. You may still want to try disabling WPS on your router if you can, and test it against Reaver to see if it helps.

You could also set up MAC address filtering on your router (which only allows specifically whitelisted devices to connect to your network), but a sufficiently savvy hacker could detect the MAC address of a whitelisted device and use MAC address spoofing to imitate that computer.

Double bummer. So what will work?

I have the open-source router firmware DD-WRT installed on my router and I was unable to use Reaver to crack its password. As it turns out, DD-WRT does not support WPS, so there's yet another reason to love the free router-booster. If that's got you interested in DD-WRT, check their supported devices list to see if your router's supported. It's a good security upgrade, and DD-WRT can also do cool things like monitor your internet usage, set up a network hard drive, act as a whole-house ad blocker, boost the range of your Wi-Fi network, and more. It essentially turns your $60 router into a $600 router."

WPS is a huge security flaw, when cracked it essentially passes over the WPA2 key. Since the vulnerability is on WPS, even setting a 60 digit WPA2 password will not slow a hacker down, they would get the full 60 digit WPA2 password in the same time frame as if an 8 digit WPA2 key was used. Of course if a home user notices the compromise, they may change their WPA2 key, usually leaving WPS to be re-exploited in the same way.